Hello Mates,
I plan to upgrade an R80.10 standalone system, so I update first to the last Jumbo.
But in between, the ICA was outdated and no access to the SmartConsole was possible,
so I did the ICA renewal by following sk158096 and using ICA_renewal_V7.sh, not yet realizing that this script may not be valid for R80.10.
I got the following error in the last step, when MCC replace should exchange the ICA to the database:
[Expert@fred:0]# ./ICA_renewal_V7.sh
Please note that sk158096 exists with all relevant information regarding this process.
It is recommended to take a snapshot before running this procedure.
This script makes critical changes.
Are you still want to renew the internal CA (y/n)? y
About to ask the Internal CA to sign again its own certificate.
Re-signing the Internal CA certificate finished successfully.
The new certificate is saved to file 'new_ica.cer'.
Note that the new certificate is not loaded into the objects database.
Use the following command to replace the ICA certificate in the objects database:
mcc replace internal_ca new_ica.cer
MCC: [ERROR] Failed to login.
MCC: CA objects not loaded.
MCC: Could not find CA internal_ca.
ICA certificate replacement in MGMT database failed. Exiting...
So I tried again:
[Expert@fred:0]# mcc replace internal_ca new_ica.cer
MCC: [ERROR] Failed to login.
MCC: CA objects not loaded.
MCC: Could not find CA internal_ca.
[Expert@fred:0]#
But the log is successful and the certs are there:
[Expert@fred:0]# mcc lca
MCC: [ERROR] Failed to login.
MCC: CA Objects not loaded
echo $(pwd)/InternalCA.p12
/home/admin/InternalCA.p12
sicRenew -d
was successful too, so I have valid certs now, only not able to add them to the database.
Checked by
cpopenssl pkcs12 -in $FWDIR/conf/InternalCA.p12 -nokeys -nomacver -passin pass: 2>/dev/null | cpopenssl x509 -noout -enddate
and
cpca_client lscert -stat Valid -kind SIC
I already asked my customer if the Admin Account which was used to establish the system was deleted and substituted with a new account.
Maybe this could be the reason?
Any ideas for fixing this?
I would appreciate any input.
Thanks in advance
Gero